Commit 6725c464 authored by Pieter Hintjens's avatar Pieter Hintjens

Added ZMQ_ZAP_DOMAIN socket option

* This is passed to the ZAP handler in the 'domain' field

* If not set, or empty, then NULL security does not call the ZAP handler

* This resolves the phantom ZAP request syndrome seen with sockets where
  security was never intended (e.g. in test cases)

* This means if you install a ZAP handler, it will not get any requests
  for new connections until you take some explicit action, which can be
  setting a username/password for PLAIN, a key for CURVE, or the domain
  for NULL.
parent c45d91a1
...@@ -240,11 +240,11 @@ Applicable socket types:: all, only for connection-oriented transports ...@@ -240,11 +240,11 @@ Applicable socket types:: all, only for connection-oriented transports
ZMQ_RECONNECT_IVL_MAX: Retrieve maximum reconnection interval ZMQ_RECONNECT_IVL_MAX: Retrieve maximum reconnection interval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_RECONNECT_IVL_MAX' option shall retrieve the maximum reconnection The 'ZMQ_RECONNECT_IVL_MAX' option shall retrieve the maximum reconnection
interval for the specified 'socket'. This is the maximum period 0MQ shall wait interval for the specified 'socket'. This is the maximum period 0MQ shall wait
between attempts to reconnect. On each reconnect attempt, the previous interval between attempts to reconnect. On each reconnect attempt, the previous interval
shall be doubled untill ZMQ_RECONNECT_IVL_MAX is reached. This allows for shall be doubled untill ZMQ_RECONNECT_IVL_MAX is reached. This allows for
exponential backoff strategy. Default value means no exponential backoff is exponential backoff strategy. Default value means no exponential backoff is
performed and reconnect interval calculations are only based on performed and reconnect interval calculations are only based on
ZMQ_RECONNECT_IVL. ZMQ_RECONNECT_IVL.
...@@ -379,11 +379,11 @@ necessarily indicate that messages are available to be read from, or can be ...@@ -379,11 +379,11 @@ necessarily indicate that messages are available to be read from, or can be
written to, the underlying socket; applications must retrieve the actual event written to, the underlying socket; applications must retrieve the actual event
state with a subsequent retrieval of the 'ZMQ_EVENTS' option. state with a subsequent retrieval of the 'ZMQ_EVENTS' option.
NOTE: The returned file descriptor is also used internally by the 'zmq_send' NOTE: The returned file descriptor is also used internally by the 'zmq_send'
and 'zmq_recv' functions. As the descriptor is edge triggered, applications and 'zmq_recv' functions. As the descriptor is edge triggered, applications
must update the state of 'ZMQ_EVENTS' after each invocation of 'zmq_send' must update the state of 'ZMQ_EVENTS' after each invocation of 'zmq_send'
or 'zmq_recv'.To be more explicit: after calling 'zmq_send' the socket may or 'zmq_recv'.To be more explicit: after calling 'zmq_send' the socket may
become readable (and vice versa) without triggering a read event on the become readable (and vice versa) without triggering a read event on the
file descriptor. file descriptor.
CAUTION: The returned file descriptor is intended for use with a 'poll' or CAUTION: The returned file descriptor is intended for use with a 'poll' or
...@@ -425,7 +425,7 @@ Applicable socket types:: all ...@@ -425,7 +425,7 @@ Applicable socket types:: all
ZMQ_LAST_ENDPOINT: Retrieve the last endpoint set ZMQ_LAST_ENDPOINT: Retrieve the last endpoint set
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_LAST_ENDPOINT' option shall retrieve the last endpoint bound for The 'ZMQ_LAST_ENDPOINT' option shall retrieve the last endpoint bound for
TCP and IPC transports. The returned value will be a string in the form of TCP and IPC transports. The returned value will be a string in the form of
a ZMQ DSN. Note that if the TCP host is INADDR_ANY, indicated by a *, then a ZMQ DSN. Note that if the TCP host is INADDR_ANY, indicated by a *, then
the returned address will be 0.0.0.0 (for IPv4). the returned address will be 0.0.0.0 (for IPv4).
...@@ -451,8 +451,8 @@ Applicable socket types:: all, when using TCP transports. ...@@ -451,8 +451,8 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_KEEPALIVE_IDLE: Override TCP_KEEPCNT(or TCP_KEEPALIVE on some OS) ZMQ_TCP_KEEPALIVE_IDLE: Override TCP_KEEPCNT(or TCP_KEEPALIVE on some OS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Override 'TCP_KEEPCNT'(or 'TCP_KEEPALIVE' on some OS) socket option (where Override 'TCP_KEEPCNT'(or 'TCP_KEEPALIVE' on some OS) socket option (where
supported by OS). The default value of `-1` means to skip any overrides and supported by OS). The default value of `-1` means to skip any overrides and
leave it to OS default. leave it to OS default.
[horizontal] [horizontal]
...@@ -512,7 +512,7 @@ Applicable socket types:: all, when using TCP or IPC transports ...@@ -512,7 +512,7 @@ Applicable socket types:: all, when using TCP or IPC transports
ZMQ_PLAIN_USERNAME: Retrieve current PLAIN username ZMQ_PLAIN_USERNAME: Retrieve current PLAIN username
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_PLAIN_USERNAME' option shall retrieve the last username set for The 'ZMQ_PLAIN_USERNAME' option shall retrieve the last username set for
the PLAIN security mechanism. The returned value shall be a NULL-terminated the PLAIN security mechanism. The returned value shall be a NULL-terminated
string and MAY be empty. The returned size SHALL include the terminating string and MAY be empty. The returned size SHALL include the terminating
null byte. null byte.
...@@ -526,7 +526,7 @@ Applicable socket types:: all, when using TCP or IPC transports ...@@ -526,7 +526,7 @@ Applicable socket types:: all, when using TCP or IPC transports
ZMQ_PLAIN_PASSWORD: Retrieve current password ZMQ_PLAIN_PASSWORD: Retrieve current password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_PLAIN_PASSWORD' option shall retrieve the last password set for The 'ZMQ_PLAIN_PASSWORD' option shall retrieve the last password set for
the PLAIN security mechanism. The returned value shall be a NULL-terminated the PLAIN security mechanism. The returned value shall be a NULL-terminated
string and MAY be empty. The returned size SHALL include the terminating string and MAY be empty. The returned size SHALL include the terminating
null byte. null byte.
...@@ -541,7 +541,7 @@ ZMQ_CURVE_PUBLICKEY: Retrieve current CURVE public key ...@@ -541,7 +541,7 @@ ZMQ_CURVE_PUBLICKEY: Retrieve current CURVE public key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Retrieves the current long term public key for the socket. You can Retrieves the current long term public key for the socket. You can
provide either a 32 byte buffer, to retrieve the binary key value, or provide either a 32 byte buffer, to retrieve the binary key value, or
a 40 byte buffer, to retrieve the key in a printable Z85 format. a 40 byte buffer, to retrieve the key in a printable Z85 format.
[horizontal] [horizontal]
...@@ -555,7 +555,7 @@ ZMQ_CURVE_SECRETKEY: Retrieve current CURVE secret key ...@@ -555,7 +555,7 @@ ZMQ_CURVE_SECRETKEY: Retrieve current CURVE secret key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Retrieves the current long term secret key for the socket. You can Retrieves the current long term secret key for the socket. You can
provide either a 32 byte buffer, to retrieve the binary key value, or provide either a 32 byte buffer, to retrieve the binary key value, or
a 40 byte buffer, to retrieve the key in a printable Z85 format. a 40 byte buffer, to retrieve the key in a printable Z85 format.
[horizontal] [horizontal]
...@@ -569,7 +569,7 @@ ZMQ_CURVE_SERVERKEY: Retrieve current CURVE server key ...@@ -569,7 +569,7 @@ ZMQ_CURVE_SERVERKEY: Retrieve current CURVE server key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Retrieves the current server key for the client socket. You can Retrieves the current server key for the client socket. You can
provide either a 32 byte buffer, to retrieve the binary key value, or provide either a 32 byte buffer, to retrieve the binary key value, or
a 40 byte buffer, to retrieve the key in a printable Z85 format. a 40 byte buffer, to retrieve the key in a printable Z85 format.
[horizontal] [horizontal]
...@@ -579,6 +579,20 @@ Default value:: null ...@@ -579,6 +579,20 @@ Default value:: null
Applicable socket types:: all, when using TCP transport Applicable socket types:: all, when using TCP transport
ZMQ_ZAP_DOMAIN: Retrieve RFC 27 authentication domain
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_ZAP_DOMAIN' option shall retrieve the last ZAP domain set for
the socket. The returned value shall be a NULL-terminated string and MAY
be empty. The returned size SHALL include the terminating null byte.
[horizontal]
Option value type:: character string
Option value unit:: N/A
Default value:: not set
Applicable socket types:: all, when using TCP transport
RETURN VALUE RETURN VALUE
------------ ------------
The _zmq_getsockopt()_ function shall return zero if successful. Otherwise it The _zmq_getsockopt()_ function shall return zero if successful. Otherwise it
......
...@@ -259,7 +259,7 @@ Applicable socket types:: all, only for connection-oriented transports ...@@ -259,7 +259,7 @@ Applicable socket types:: all, only for connection-oriented transports
ZMQ_RECONNECT_IVL_MAX: Set maximum reconnection interval ZMQ_RECONNECT_IVL_MAX: Set maximum reconnection interval
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_RECONNECT_IVL_MAX' option shall set the maximum reconnection interval The 'ZMQ_RECONNECT_IVL_MAX' option shall set the maximum reconnection interval
for the specified 'socket'. This is the maximum period 0MQ shall wait between for the specified 'socket'. This is the maximum period 0MQ shall wait between
attempts to reconnect. On each reconnect attempt, the previous interval shall be attempts to reconnect. On each reconnect attempt, the previous interval shall be
doubled untill ZMQ_RECONNECT_IVL_MAX is reached. This allows for exponential doubled untill ZMQ_RECONNECT_IVL_MAX is reached. This allows for exponential
...@@ -396,8 +396,8 @@ Applicable socket types:: all, only for connection-oriented transports. ...@@ -396,8 +396,8 @@ Applicable socket types:: all, only for connection-oriented transports.
ZMQ_ROUTER_MANDATORY: accept only routable messages on ROUTER sockets ZMQ_ROUTER_MANDATORY: accept only routable messages on ROUTER sockets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the ROUTER socket behavior when an unroutable message is encountered. A Sets the ROUTER socket behavior when an unroutable message is encountered. A
value of `0` is the default and discards the message silently when it cannot be value of `0` is the default and discards the message silently when it cannot be
routed. A value of `1` returns an 'EHOSTUNREACH' error code if the message routed. A value of `1` returns an 'EHOSTUNREACH' error code if the message
cannot be routed. cannot be routed.
...@@ -430,10 +430,10 @@ Applicable socket types:: ZMQ_ROUTER ...@@ -430,10 +430,10 @@ Applicable socket types:: ZMQ_ROUTER
ZMQ_PROBE_ROUTER: bootstrap connections to ROUTER sockets ZMQ_PROBE_ROUTER: bootstrap connections to ROUTER sockets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When set to 1, the socket will automatically send an empty message when a When set to 1, the socket will automatically send an empty message when a
new connection is made or accepted. You may set this on REQ, DEALER, or new connection is made or accepted. You may set this on REQ, DEALER, or
ROUTER sockets connected to a ROUTER socket. The application must filter ROUTER sockets connected to a ROUTER socket. The application must filter
such empty messages. The ZMQ_PROBE_ROUTER option in effect provides the such empty messages. The ZMQ_PROBE_ROUTER option in effect provides the
ROUTER application with an event signaling the arrival of a new peer. ROUTER application with an event signaling the arrival of a new peer.
NOTE: do not set this option on a socket that talks to any other socket NOTE: do not set this option on a socket that talks to any other socket
...@@ -449,8 +449,8 @@ Applicable socket types:: ZMQ_ROUTER, ZMQ_DEALER, ZMQ_REQ ...@@ -449,8 +449,8 @@ Applicable socket types:: ZMQ_ROUTER, ZMQ_DEALER, ZMQ_REQ
ZMQ_XPUB_VERBOSE: provide all subscription messages on XPUB sockets ZMQ_XPUB_VERBOSE: provide all subscription messages on XPUB sockets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the 'XPUB' socket behavior on new subscriptions and unsubscriptions. Sets the 'XPUB' socket behavior on new subscriptions and unsubscriptions.
A value of '0' is the default and passes only new subscription messages to A value of '0' is the default and passes only new subscription messages to
upstream. A value of '1' passes all subscription messages upstream. upstream. A value of '1' passes all subscription messages upstream.
[horizontal] [horizontal]
...@@ -481,7 +481,7 @@ ZMQ_REQ_STRICT: enforce strict alternation between request and reply ...@@ -481,7 +481,7 @@ ZMQ_REQ_STRICT: enforce strict alternation between request and reply
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When set to 1, a REQ socket does not allow initiating a new request with When set to 1, a REQ socket does not allow initiating a new request with
_zmq_send(3)_ until the reply to the previous one has been received. _zmq_send(3)_ until the reply to the previous one has been received.
When set to 0, sending another message is allowed and has the effect of When set to 0, sending another message is allowed and has the effect of
disconnecting the underlying connection to the peer from which the reply was disconnecting the underlying connection to the peer from which the reply was
expected, triggering a reconnection attempt on transports that support it. expected, triggering a reconnection attempt on transports that support it.
...@@ -515,8 +515,8 @@ Applicable socket types:: all, when using TCP transports. ...@@ -515,8 +515,8 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_KEEPALIVE_IDLE: Override TCP_KEEPCNT (or TCP_KEEPALIVE on some OS) ZMQ_TCP_KEEPALIVE_IDLE: Override TCP_KEEPCNT (or TCP_KEEPALIVE on some OS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Override 'TCP_KEEPCNT'(or 'TCP_KEEPALIVE' on some OS) socket option (where Override 'TCP_KEEPCNT'(or 'TCP_KEEPALIVE' on some OS) socket option (where
supported by OS). The default value of `-1` means to skip any overrides and supported by OS). The default value of `-1` means to skip any overrides and
leave it to OS default. leave it to OS default.
[horizontal] [horizontal]
...@@ -529,7 +529,7 @@ Applicable socket types:: all, when using TCP transports. ...@@ -529,7 +529,7 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_KEEPALIVE_CNT: Override TCP_KEEPCNT socket option ZMQ_TCP_KEEPALIVE_CNT: Override TCP_KEEPCNT socket option
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Override 'TCP_KEEPCNT' socket option (where supported by OS). The default Override 'TCP_KEEPCNT' socket option (where supported by OS). The default
value of `-1` means to skip any overrides and leave it to OS default. value of `-1` means to skip any overrides and leave it to OS default.
[horizontal] [horizontal]
...@@ -542,7 +542,7 @@ Applicable socket types:: all, when using TCP transports. ...@@ -542,7 +542,7 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_KEEPALIVE_INTVL: Override TCP_KEEPINTVL socket option ZMQ_TCP_KEEPALIVE_INTVL: Override TCP_KEEPINTVL socket option
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Override 'TCP_KEEPINTVL' socket option(where supported by OS). The default Override 'TCP_KEEPINTVL' socket option(where supported by OS). The default
value of `-1` means to skip any overrides and leave it to OS default. value of `-1` means to skip any overrides and leave it to OS default.
[horizontal] [horizontal]
...@@ -555,11 +555,11 @@ Applicable socket types:: all, when using TCP transports. ...@@ -555,11 +555,11 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_ACCEPT_FILTER: Assign filters to allow new TCP connections ZMQ_TCP_ACCEPT_FILTER: Assign filters to allow new TCP connections
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Assign an arbitrary number of filters that will be applied for each new TCP Assign an arbitrary number of filters that will be applied for each new TCP
transport connection on a listening socket. If no filters are applied, then transport connection on a listening socket. If no filters are applied, then
the TCP transport allows connections from any IP address. If at least one the TCP transport allows connections from any IP address. If at least one
filter is applied then new connection source ip should be matched. To clear filter is applied then new connection source ip should be matched. To clear
all filters call zmq_setsockopt(socket, ZMQ_TCP_ACCEPT_FILTER, NULL, 0). all filters call zmq_setsockopt(socket, ZMQ_TCP_ACCEPT_FILTER, NULL, 0).
Filter is a null-terminated string with ipv6 or ipv4 CIDR. Filter is a null-terminated string with ipv6 or ipv4 CIDR.
[horizontal] [horizontal]
...@@ -589,8 +589,8 @@ ZMQ_PLAIN_USERNAME: Set PLAIN security username ...@@ -589,8 +589,8 @@ ZMQ_PLAIN_USERNAME: Set PLAIN security username
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the username for outgoing connections over TCP or IPC. If you set this Sets the username for outgoing connections over TCP or IPC. If you set this
to a non-null value, the security mechanism used for connections shall be to a non-null value, the security mechanism used for connections shall be
PLAIN, see linkzmq:zmq_plain[7]. If you set this to a null value, the security PLAIN, see linkzmq:zmq_plain[7]. If you set this to a null value, the security
mechanism used for connections shall be NULL, see linkzmq:zmq_null[3]. mechanism used for connections shall be NULL, see linkzmq:zmq_null[3].
[horizontal] [horizontal]
...@@ -604,8 +604,8 @@ ZMQ_PLAIN_PASSWORD: Set PLAIN security password ...@@ -604,8 +604,8 @@ ZMQ_PLAIN_PASSWORD: Set PLAIN security password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the password for outgoing connections over TCP or IPC. If you set this Sets the password for outgoing connections over TCP or IPC. If you set this
to a non-null value, the security mechanism used for connections shall be to a non-null value, the security mechanism used for connections shall be
PLAIN, see linkzmq:zmq_plain[7]. If you set this to a null value, the security PLAIN, see linkzmq:zmq_plain[7]. If you set this to a null value, the security
mechanism used for connections shall be NULL, see linkzmq:zmq_null[3]. mechanism used for connections shall be NULL, see linkzmq:zmq_null[3].
[horizontal] [horizontal]
...@@ -638,10 +638,10 @@ ZMQ_CURVE_PUBLICKEY: Set CURVE public key ...@@ -638,10 +638,10 @@ ZMQ_CURVE_PUBLICKEY: Set CURVE public key
Sets the socket's long term public key. You must set this on a CURVE Sets the socket's long term public key. You must set this on a CURVE
client or server socket, see linkzmq:zmq_curve[7]. You can provide the client or server socket, see linkzmq:zmq_curve[7]. You can provide the
key as 32 binary bytes, or as a 40-character string encoded in the Z85 key as 32 binary bytes, or as a 40-character string encoded in the Z85
encoding format. For servers, the public key must be persisted and encoding format. For servers, the public key must be persisted and
shared through some unspecified but secure mechanism to clients. The shared through some unspecified but secure mechanism to clients. The
public key must always be used with the matching secret key generated public key must always be used with the matching secret key generated
at the same time. To generate a public/secret key pair, use the at the same time. To generate a public/secret key pair, use the
tools/curve_keygen tool. tools/curve_keygen tool.
[horizontal] [horizontal]
...@@ -655,9 +655,9 @@ ZMQ_CURVE_SECRETKEY: Set CURVE secret key ...@@ -655,9 +655,9 @@ ZMQ_CURVE_SECRETKEY: Set CURVE secret key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the socket's long term secret key. You must set this on a CURVE Sets the socket's long term secret key. You must set this on a CURVE
client socket, see linkzmq:zmq_curve[7]. You can provide the key as client socket, see linkzmq:zmq_curve[7]. You can provide the key as
32 binary bytes, or as a 40-character string encoded in the Z85 encoding 32 binary bytes, or as a 40-character string encoded in the Z85 encoding
format. format.
[horizontal] [horizontal]
Option value type:: binary data or Z85 text string Option value type:: binary data or Z85 text string
...@@ -670,9 +670,9 @@ ZMQ_CURVE_SERVERKEY: Set CURVE server key ...@@ -670,9 +670,9 @@ ZMQ_CURVE_SERVERKEY: Set CURVE server key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the socket's long term server key. You must set this on a CURVE Sets the socket's long term server key. You must set this on a CURVE
client socket, see linkzmq:zmq_curve[7]. You can provide the key as client socket, see linkzmq:zmq_curve[7]. You can provide the key as
32 binary bytes, or as a 40-character string encoded in the Z85 encoding 32 binary bytes, or as a 40-character string encoded in the Z85 encoding
format. This key must be the same as the public key set on the server format. This key must be the same as the public key set on the server
socket. socket.
[horizontal] [horizontal]
...@@ -682,6 +682,22 @@ Default value:: NULL ...@@ -682,6 +682,22 @@ Default value:: NULL
Applicable socket types:: all, when using TCP transport Applicable socket types:: all, when using TCP transport
ZMQ_ZAP_DOMAIN: Set RFC 27 authentication domain
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the domain for ZAP (ZMQ RFC 27) authentication. For NULL security (the
default on all tcp:// connections), ZAP authentication only happens if you
set a non-empty domain. For PLAIN and CURVE security, ZAP requests are always
made, if there is a ZAP handler present. See http://rfc.zeromq.org/spec:27
for more details.
[horizontal]
Option value type:: character string
Option value unit:: N/A
Default value:: not set
Applicable socket types:: all, when using TCP transport
ZMQ_CONFLATE: Keep only last message ZMQ_CONFLATE: Keep only last message
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
...@@ -215,7 +215,7 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval); ...@@ -215,7 +215,7 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval);
/* 0MQ socket definition. */ /* 0MQ socket definition. */
/******************************************************************************/ /******************************************************************************/
/* Socket types. */ /* Socket types. */
#define ZMQ_PAIR 0 #define ZMQ_PAIR 0
#define ZMQ_PUB 1 #define ZMQ_PUB 1
#define ZMQ_SUB 2 #define ZMQ_SUB 2
...@@ -279,6 +279,7 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval); ...@@ -279,6 +279,7 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval);
#define ZMQ_REQ_REQUEST_IDS 52 #define ZMQ_REQ_REQUEST_IDS 52
#define ZMQ_REQ_STRICT 53 #define ZMQ_REQ_STRICT 53
#define ZMQ_CONFLATE 54 #define ZMQ_CONFLATE 54
#define ZMQ_ZAP_DOMAIN 55
/* Message options */ /* Message options */
#define ZMQ_MORE 1 #define ZMQ_MORE 1
...@@ -335,7 +336,7 @@ typedef struct { ...@@ -335,7 +336,7 @@ typedef struct {
ZMQ_EXPORT void *zmq_socket (void *, int type); ZMQ_EXPORT void *zmq_socket (void *, int type);
ZMQ_EXPORT int zmq_close (void *s); ZMQ_EXPORT int zmq_close (void *s);
ZMQ_EXPORT int zmq_setsockopt (void *s, int option, const void *optval, ZMQ_EXPORT int zmq_setsockopt (void *s, int option, const void *optval,
size_t optvallen); size_t optvallen);
ZMQ_EXPORT int zmq_getsockopt (void *s, int option, void *optval, ZMQ_EXPORT int zmq_getsockopt (void *s, int option, void *optval,
size_t *optvallen); size_t *optvallen);
ZMQ_EXPORT int zmq_bind (void *s, const char *addr); ZMQ_EXPORT int zmq_bind (void *s, const char *addr);
......
...@@ -523,8 +523,9 @@ void zmq::curve_server_t::send_zap_request (const uint8_t *key) ...@@ -523,8 +523,9 @@ void zmq::curve_server_t::send_zap_request (const uint8_t *key)
errno_assert (rc == 0); errno_assert (rc == 0);
// Domain frame // Domain frame
rc = msg.init (); rc = msg.init_size (options.zap_domain.length ());
errno_assert (rc == 0); errno_assert (rc == 0);
memcpy (msg.data (), options.zap_domain.c_str (), options.zap_domain.length ());
msg.set_flags (msg_t::more); msg.set_flags (msg_t::more);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
...@@ -537,9 +538,9 @@ void zmq::curve_server_t::send_zap_request (const uint8_t *key) ...@@ -537,9 +538,9 @@ void zmq::curve_server_t::send_zap_request (const uint8_t *key)
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
// Identity frame // Identity frame
rc = msg.init_size (options.identity_size); rc = msg.init_size (options.identity_size);
errno_assert(rc == 0); errno_assert (rc == 0);
memcpy (msg.data (), options.identity, options.identity_size); memcpy (msg.data (), options.identity, options.identity_size);
msg.set_flags (msg_t::more); msg.set_flags (msg_t::more);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
......
...@@ -44,8 +44,10 @@ zmq::null_mechanism_t::null_mechanism_t (session_base_t *session_, ...@@ -44,8 +44,10 @@ zmq::null_mechanism_t::null_mechanism_t (session_base_t *session_,
zap_request_sent (false), zap_request_sent (false),
zap_reply_received (false) zap_reply_received (false)
{ {
const int rc = session->zap_connect (); // NULL mechanism only uses ZAP if there's a domain defined
if (rc == 0) // This prevents ZAP requests on naive sockets
if (options.zap_domain.size () > 0
&& session->zap_connect () == 0)
zap_connected = true; zap_connected = true;
} }
...@@ -182,8 +184,9 @@ void zmq::null_mechanism_t::send_zap_request () ...@@ -182,8 +184,9 @@ void zmq::null_mechanism_t::send_zap_request ()
errno_assert (rc == 0); errno_assert (rc == 0);
// Domain frame // Domain frame
rc = msg.init (); rc = msg.init_size (options.zap_domain.length ());
errno_assert (rc == 0); errno_assert (rc == 0);
memcpy (msg.data (), options.zap_domain.c_str (), options.zap_domain.length ());
msg.set_flags (msg_t::more); msg.set_flags (msg_t::more);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
......
...@@ -62,7 +62,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -62,7 +62,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
{ {
bool is_int = (optvallen_ == sizeof (int)); bool is_int = (optvallen_ == sizeof (int));
int value = is_int? *((int *) optval_): 0; int value = is_int? *((int *) optval_): 0;
switch (option_) { switch (option_) {
case ZMQ_SNDHWM: case ZMQ_SNDHWM:
if (is_int && value >= 0) { if (is_int && value >= 0) {
...@@ -70,7 +70,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -70,7 +70,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_RCVHWM: case ZMQ_RCVHWM:
if (is_int && value >= 0) { if (is_int && value >= 0) {
rcvhwm = value; rcvhwm = value;
...@@ -224,7 +224,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -224,7 +224,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_IMMEDIATE: case ZMQ_IMMEDIATE:
if (is_int && (value == 0 || value == 1)) { if (is_int && (value == 0 || value == 1)) {
immediate = value; immediate = value;
...@@ -248,7 +248,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -248,7 +248,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
} }
} }
break; break;
case ZMQ_PLAIN_SERVER: case ZMQ_PLAIN_SERVER:
if (is_int && (value == 0 || value == 1)) { if (is_int && (value == 0 || value == 1)) {
as_server = value; as_server = value;
...@@ -256,7 +256,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -256,7 +256,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_PLAIN_USERNAME: case ZMQ_PLAIN_USERNAME:
if (optvallen_ == 0 && optval_ == NULL) { if (optvallen_ == 0 && optval_ == NULL) {
mechanism = ZMQ_NULL; mechanism = ZMQ_NULL;
...@@ -270,7 +270,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -270,7 +270,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_PLAIN_PASSWORD: case ZMQ_PLAIN_PASSWORD:
if (optvallen_ == 0 && optval_ == NULL) { if (optvallen_ == 0 && optval_ == NULL) {
mechanism = ZMQ_NULL; mechanism = ZMQ_NULL;
...@@ -284,7 +284,14 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -284,7 +284,14 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_ZAP_DOMAIN:
if (optvallen_ >= 0 && optvallen_ < 256) {
zap_domain.assign ((const char *) optval_, optvallen_);
return 0;
}
break;
// If libsodium isn't installed, these options provoke EINVAL // If libsodium isn't installed, these options provoke EINVAL
# ifdef HAVE_LIBSODIUM # ifdef HAVE_LIBSODIUM
case ZMQ_CURVE_SERVER: case ZMQ_CURVE_SERVER:
...@@ -294,7 +301,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -294,7 +301,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_PUBLICKEY: case ZMQ_CURVE_PUBLICKEY:
if (optvallen_ == CURVE_KEYSIZE) { if (optvallen_ == CURVE_KEYSIZE) {
memcpy (curve_public_key, optval_, CURVE_KEYSIZE); memcpy (curve_public_key, optval_, CURVE_KEYSIZE);
...@@ -308,7 +315,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -308,7 +315,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_SECRETKEY: case ZMQ_CURVE_SECRETKEY:
if (optvallen_ == CURVE_KEYSIZE) { if (optvallen_ == CURVE_KEYSIZE) {
memcpy (curve_secret_key, optval_, CURVE_KEYSIZE); memcpy (curve_secret_key, optval_, CURVE_KEYSIZE);
...@@ -322,7 +329,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -322,7 +329,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_SERVERKEY: case ZMQ_CURVE_SERVERKEY:
if (optvallen_ == CURVE_KEYSIZE) { if (optvallen_ == CURVE_KEYSIZE) {
memcpy (curve_server_key, optval_, CURVE_KEYSIZE); memcpy (curve_server_key, optval_, CURVE_KEYSIZE);
...@@ -358,7 +365,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -358,7 +365,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
{ {
bool is_int = (*optvallen_ == sizeof (int)); bool is_int = (*optvallen_ == sizeof (int));
int *value = (int *) optval_; int *value = (int *) optval_;
switch (option_) { switch (option_) {
case ZMQ_SNDHWM: case ZMQ_SNDHWM:
if (is_int) { if (is_int) {
...@@ -487,7 +494,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -487,7 +494,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_IPV6: case ZMQ_IPV6:
if (is_int) { if (is_int) {
*value = ipv6; *value = ipv6;
...@@ -536,14 +543,14 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -536,14 +543,14 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_PLAIN_SERVER: case ZMQ_PLAIN_SERVER:
if (is_int) { if (is_int) {
*value = as_server && mechanism == ZMQ_PLAIN; *value = as_server && mechanism == ZMQ_PLAIN;
return 0; return 0;
} }
break; break;
case ZMQ_PLAIN_USERNAME: case ZMQ_PLAIN_USERNAME:
if (*optvallen_ >= plain_username.size () + 1) { if (*optvallen_ >= plain_username.size () + 1) {
memcpy (optval_, plain_username.c_str (), plain_username.size () + 1); memcpy (optval_, plain_username.c_str (), plain_username.size () + 1);
...@@ -551,7 +558,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -551,7 +558,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_PLAIN_PASSWORD: case ZMQ_PLAIN_PASSWORD:
if (*optvallen_ >= plain_password.size () + 1) { if (*optvallen_ >= plain_password.size () + 1) {
memcpy (optval_, plain_password.c_str (), plain_password.size () + 1); memcpy (optval_, plain_password.c_str (), plain_password.size () + 1);
...@@ -559,7 +566,15 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -559,7 +566,15 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_ZAP_DOMAIN:
if (*optvallen_ >= zap_domain.size () + 1) {
memcpy (optval_, zap_domain.c_str (), zap_domain.size () + 1);
*optvallen_ = zap_domain.size () + 1;
return 0;
}
break;
// If libsodium isn't installed, these options provoke EINVAL // If libsodium isn't installed, these options provoke EINVAL
# ifdef HAVE_LIBSODIUM # ifdef HAVE_LIBSODIUM
case ZMQ_CURVE_SERVER: case ZMQ_CURVE_SERVER:
...@@ -568,7 +583,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -568,7 +583,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_PUBLICKEY: case ZMQ_CURVE_PUBLICKEY:
if (*optvallen_ == CURVE_KEYSIZE) { if (*optvallen_ == CURVE_KEYSIZE) {
memcpy (optval_, curve_public_key, CURVE_KEYSIZE); memcpy (optval_, curve_public_key, CURVE_KEYSIZE);
...@@ -580,7 +595,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -580,7 +595,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_SECRETKEY: case ZMQ_CURVE_SECRETKEY:
if (*optvallen_ == CURVE_KEYSIZE) { if (*optvallen_ == CURVE_KEYSIZE) {
memcpy (optval_, curve_secret_key, CURVE_KEYSIZE); memcpy (optval_, curve_secret_key, CURVE_KEYSIZE);
...@@ -592,7 +607,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -592,7 +607,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_CURVE_SERVERKEY: case ZMQ_CURVE_SERVERKEY:
if (*optvallen_ == CURVE_KEYSIZE) { if (*optvallen_ == CURVE_KEYSIZE) {
memcpy (optval_, curve_server_key, CURVE_KEYSIZE); memcpy (optval_, curve_server_key, CURVE_KEYSIZE);
......
...@@ -92,7 +92,7 @@ namespace zmq ...@@ -92,7 +92,7 @@ namespace zmq
// If true, IPv6 is enabled (as well as IPv4) // If true, IPv6 is enabled (as well as IPv4)
bool ipv6; bool ipv6;
// If 1, connecting pipes are not attached immediately, meaning a send() // If 1, connecting pipes are not attached immediately, meaning a send()
// on a socket with only connecting pipes would block // on a socket with only connecting pipes would block
int immediate; int immediate;
...@@ -119,10 +119,13 @@ namespace zmq ...@@ -119,10 +119,13 @@ namespace zmq
// Security mechanism for all connections on this socket // Security mechanism for all connections on this socket
int mechanism; int mechanism;
// If peer is acting as server for PLAIN or CURVE mechanisms // If peer is acting as server for PLAIN or CURVE mechanisms
int as_server; int as_server;
// ZAP authentication domain
std::string zap_domain;
// Security credentials for PLAIN mechanism // Security credentials for PLAIN mechanism
std::string plain_username; std::string plain_username;
std::string plain_password; std::string plain_password;
......
...@@ -368,8 +368,9 @@ void zmq::plain_mechanism_t::send_zap_request (const std::string &username, ...@@ -368,8 +368,9 @@ void zmq::plain_mechanism_t::send_zap_request (const std::string &username,
errno_assert (rc == 0); errno_assert (rc == 0);
// Domain frame // Domain frame
rc = msg.init (); rc = msg.init_size (options.zap_domain.length ());
errno_assert (rc == 0); errno_assert (rc == 0);
memcpy (msg.data (), options.zap_domain.c_str (), options.zap_domain.length ());
msg.set_flags (msg_t::more); msg.set_flags (msg_t::more);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
...@@ -382,9 +383,9 @@ void zmq::plain_mechanism_t::send_zap_request (const std::string &username, ...@@ -382,9 +383,9 @@ void zmq::plain_mechanism_t::send_zap_request (const std::string &username,
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
// Identity frame // Identity frame
rc = msg.init_size (options.identity_size); rc = msg.init_size (options.identity_size);
errno_assert(rc == 0); errno_assert (rc == 0);
memcpy (msg.data (), options.identity, options.identity_size); memcpy (msg.data (), options.identity, options.identity_size);
msg.set_flags (msg_t::more); msg.set_flags (msg_t::more);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
......
...@@ -37,7 +37,7 @@ static void zap_handler (void *ctx) ...@@ -37,7 +37,7 @@ static void zap_handler (void *ctx)
assert (zap); assert (zap);
int rc = zmq_bind (zap, "inproc://zeromq.zap.01"); int rc = zmq_bind (zap, "inproc://zeromq.zap.01");
assert (rc == 0); assert (rc == 0);
// Process ZAP requests forever // Process ZAP requests forever
while (true) { while (true) {
char *version = s_recv (zap); char *version = s_recv (zap);
...@@ -49,6 +49,8 @@ static void zap_handler (void *ctx) ...@@ -49,6 +49,8 @@ static void zap_handler (void *ctx)
char *address = s_recv (zap); char *address = s_recv (zap);
char *identity = s_recv (zap); char *identity = s_recv (zap);
char *mechanism = s_recv (zap); char *mechanism = s_recv (zap);
printf ("CURVE domain=%s address=%s identity=%s mechanism=%s\n",
domain, address, identity, mechanism);
uint8_t client_key [32]; uint8_t client_key [32];
int size = zmq_recv (zap, client_key, 32, 0); int size = zmq_recv (zap, client_key, 32, 0);
assert (size == 32); assert (size == 32);
...@@ -62,7 +64,7 @@ static void zap_handler (void *ctx) ...@@ -62,7 +64,7 @@ static void zap_handler (void *ctx)
s_sendmore (zap, version); s_sendmore (zap, version);
s_sendmore (zap, sequence); s_sendmore (zap, sequence);
if (streq (client_key_text, client_public)) { if (streq (client_key_text, client_public)) {
s_sendmore (zap, "200"); s_sendmore (zap, "200");
s_sendmore (zap, "OK"); s_sendmore (zap, "OK");
...@@ -127,7 +129,7 @@ int main (void) ...@@ -127,7 +129,7 @@ int main (void)
bounce (server, client); bounce (server, client);
rc = zmq_close (client); rc = zmq_close (client);
assert (rc == 0); assert (rc == 0);
// Check CURVE security with a garbage server key // Check CURVE security with a garbage server key
// This will be caught by the curve_server class, not passed to ZAP // This will be caught by the curve_server class, not passed to ZAP
char garbage_key [] = "0000111122223333444455556666777788889999"; char garbage_key [] = "0000111122223333444455556666777788889999";
...@@ -143,7 +145,7 @@ int main (void) ...@@ -143,7 +145,7 @@ int main (void)
assert (rc == 0); assert (rc == 0);
expect_bounce_fail (server, client); expect_bounce_fail (server, client);
close_zero_linger (client); close_zero_linger (client);
// Check CURVE security with a garbage client public key // Check CURVE security with a garbage client public key
// This will be caught by the curve_server class, not passed to ZAP // This will be caught by the curve_server class, not passed to ZAP
client = zmq_socket (ctx, ZMQ_DEALER); client = zmq_socket (ctx, ZMQ_DEALER);
...@@ -158,7 +160,7 @@ int main (void) ...@@ -158,7 +160,7 @@ int main (void)
assert (rc == 0); assert (rc == 0);
expect_bounce_fail (server, client); expect_bounce_fail (server, client);
close_zero_linger (client); close_zero_linger (client);
// Check CURVE security with a garbage client secret key // Check CURVE security with a garbage client secret key
// This will be caught by the curve_server class, not passed to ZAP // This will be caught by the curve_server class, not passed to ZAP
client = zmq_socket (ctx, ZMQ_DEALER); client = zmq_socket (ctx, ZMQ_DEALER);
...@@ -173,12 +175,12 @@ int main (void) ...@@ -173,12 +175,12 @@ int main (void)
assert (rc == 0); assert (rc == 0);
expect_bounce_fail (server, client); expect_bounce_fail (server, client);
close_zero_linger (client); close_zero_linger (client);
// Check CURVE security with bogus client credentials // Check CURVE security with bogus client credentials
// This must be caught by the ZAP handler // This must be caught by the ZAP handler
char bogus_public [] = "8)<]6{NT{}=MZBsH)i%l0k}y*^i#80n-Yf{I8Z+P"; char bogus_public [] = "8)<]6{NT{}=MZBsH)i%l0k}y*^i#80n-Yf{I8Z+P";
char bogus_secret [] = "[m9E0TW2Mf?Ke3K>fuBGCrkBpc6aJbj4jv4451Nx"; char bogus_secret [] = "[m9E0TW2Mf?Ke3K>fuBGCrkBpc6aJbj4jv4451Nx";
client = zmq_socket (ctx, ZMQ_DEALER); client = zmq_socket (ctx, ZMQ_DEALER);
assert (client); assert (client);
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 40); rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 40);
...@@ -191,13 +193,13 @@ int main (void) ...@@ -191,13 +193,13 @@ int main (void)
assert (rc == 0); assert (rc == 0);
expect_bounce_fail (server, client); expect_bounce_fail (server, client);
close_zero_linger (client); close_zero_linger (client);
// Shutdown // Shutdown
rc = zmq_close (server); rc = zmq_close (server);
assert (rc == 0); assert (rc == 0);
rc = zmq_ctx_term (ctx); rc = zmq_ctx_term (ctx);
assert (rc == 0); assert (rc == 0);
// Wait until ZAP handler terminates // Wait until ZAP handler terminates
zmq_threadclose (zap_thread); zmq_threadclose (zap_thread);
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include "testutil.hpp" #include "testutil.hpp"
static void static void
zap_handler (void *ctx) zap_handler (void *ctx)
{ {
// Create and bind ZAP socket // Create and bind ZAP socket
...@@ -36,19 +36,18 @@ zap_handler (void *ctx) ...@@ -36,19 +36,18 @@ zap_handler (void *ctx)
char *version = s_recv (zap); char *version = s_recv (zap);
if (!version) if (!version)
break; // Terminating break; // Terminating
char *sequence = s_recv (zap); char *sequence = s_recv (zap);
char *domain = s_recv (zap); char *domain = s_recv (zap);
char *address = s_recv (zap); char *address = s_recv (zap);
char *identity = s_recv (zap); char *identity = s_recv (zap);
char *mechanism = s_recv (zap); char *mechanism = s_recv (zap);
printf ("domain=%s address=%s identity=%s mechanism=%s\n",
domain, address, identity, mechanism);
assert (streq (version, "1.0")); assert (streq (version, "1.0"));
assert (streq (mechanism, "NULL")); assert (streq (mechanism, "NULL"));
// TODO: null_mechanism.cpp issues ZAP requests for connections other assert (streq (identity, "IDENT"));
// than the expected one. In these cases identity is not set, and the
// test fails. We'd expect one ZAP request per real client connection.
// assert (streq (identity, "IDENT"));
s_sendmore (zap, version); s_sendmore (zap, version);
s_sendmore (zap, sequence); s_sendmore (zap, sequence);
...@@ -56,7 +55,7 @@ zap_handler (void *ctx) ...@@ -56,7 +55,7 @@ zap_handler (void *ctx)
s_sendmore (zap, "OK"); s_sendmore (zap, "OK");
s_sendmore (zap, "anonymous"); s_sendmore (zap, "anonymous");
s_send (zap, ""); s_send (zap, "");
free (version); free (version);
free (sequence); free (sequence);
free (domain); free (domain);
...@@ -73,7 +72,7 @@ int main (void) ...@@ -73,7 +72,7 @@ int main (void)
setup_test_environment(); setup_test_environment();
void *ctx = zmq_ctx_new (); void *ctx = zmq_ctx_new ();
assert (ctx); assert (ctx);
// Spawn ZAP handler // Spawn ZAP handler
void *zap_thread = zmq_threadstart (&zap_handler, ctx); void *zap_thread = zmq_threadstart (&zap_handler, ctx);
...@@ -82,26 +81,28 @@ int main (void) ...@@ -82,26 +81,28 @@ int main (void)
assert (server); assert (server);
int rc = zmq_setsockopt (server, ZMQ_IDENTITY, "IDENT", 6); int rc = zmq_setsockopt (server, ZMQ_IDENTITY, "IDENT", 6);
assert (rc == 0); assert (rc == 0);
rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "TEST", 4);
assert (rc == 0);
rc = zmq_bind (server, "tcp://*:9999"); rc = zmq_bind (server, "tcp://*:9999");
assert (rc == 0); assert (rc == 0);
// Client socket that will try to connect to server // Client socket that will try to connect to server
void *client = zmq_socket (ctx, ZMQ_DEALER); void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client); assert (client);
rc = zmq_connect (client, "tcp://localhost:9999"); rc = zmq_connect (client, "tcp://localhost:9999");
assert (rc == 0); assert (rc == 0);
bounce (server, client); bounce (server, client);
rc = zmq_close (client); rc = zmq_close (client);
assert (rc == 0); assert (rc == 0);
rc = zmq_close (server); rc = zmq_close (server);
assert (rc == 0); assert (rc == 0);
// Shutdown // Shutdown
rc = zmq_ctx_term (ctx); rc = zmq_ctx_term (ctx);
assert (rc == 0); assert (rc == 0);
// Wait until ZAP handler terminates. // Wait until ZAP handler terminates.
zmq_threadclose (zap_thread); zmq_threadclose (zap_thread);
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include "testutil.hpp" #include "testutil.hpp"
static void static void
zap_handler (void *ctx) zap_handler (void *ctx)
{ {
// Create and bind ZAP socket // Create and bind ZAP socket
...@@ -43,7 +43,9 @@ zap_handler (void *ctx) ...@@ -43,7 +43,9 @@ zap_handler (void *ctx)
char *mechanism = s_recv (zap); char *mechanism = s_recv (zap);
char *username = s_recv (zap); char *username = s_recv (zap);
char *password = s_recv (zap); char *password = s_recv (zap);
printf ("PLAIN domain=%s address=%s identity=%s mechanism=%s\n",
domain, address, identity, mechanism);
assert (streq (version, "1.0")); assert (streq (version, "1.0"));
assert (streq (mechanism, "PLAIN")); assert (streq (mechanism, "PLAIN"));
assert (streq (identity, "IDENT")); assert (streq (identity, "IDENT"));
...@@ -81,7 +83,7 @@ int main (void) ...@@ -81,7 +83,7 @@ int main (void)
setup_test_environment(); setup_test_environment();
void *ctx = zmq_ctx_new (); void *ctx = zmq_ctx_new ();
assert (ctx); assert (ctx);
// Spawn ZAP handler // Spawn ZAP handler
void *zap_thread = zmq_threadstart (&zap_handler, ctx); void *zap_thread = zmq_threadstart (&zap_handler, ctx);
...@@ -95,10 +97,10 @@ int main (void) ...@@ -95,10 +97,10 @@ int main (void)
assert (rc == 0); assert (rc == 0);
rc = zmq_bind (server, "tcp://*:9998"); rc = zmq_bind (server, "tcp://*:9998");
assert (rc == 0); assert (rc == 0);
char username [256]; char username [256];
char password [256]; char password [256];
// Check PLAIN security with correct username/password // Check PLAIN security with correct username/password
void *client = zmq_socket (ctx, ZMQ_DEALER); void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client); assert (client);
...@@ -125,7 +127,7 @@ int main (void) ...@@ -125,7 +127,7 @@ int main (void)
assert (rc == 0); assert (rc == 0);
expect_bounce_fail (server, client); expect_bounce_fail (server, client);
close_zero_linger (client); close_zero_linger (client);
// Check PLAIN security -- failed authentication // Check PLAIN security -- failed authentication
client = zmq_socket (ctx, ZMQ_DEALER); client = zmq_socket (ctx, ZMQ_DEALER);
assert (client); assert (client);
...@@ -145,7 +147,7 @@ int main (void) ...@@ -145,7 +147,7 @@ int main (void)
assert (rc == 0); assert (rc == 0);
rc = zmq_ctx_term (ctx); rc = zmq_ctx_term (ctx);
assert (rc == 0); assert (rc == 0);
// Wait until ZAP handler terminates // Wait until ZAP handler terminates
zmq_threadclose (zap_thread); zmq_threadclose (zap_thread);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment